In the recent Q4 2024 Cyber Threat Report released by Travelers, it was revealed that ransomware groups have impacted more victims in the final quarter of the year than ever before. This surge in attacks signifies a shift from mass-scale vulnerability exploits to more targeted and repeatable methods, such as exploiting weak VPN and gateway credentials that are not protected by multifactor authentication (MFA). Travelers’ researchers attribute this change in tactics to a ransomware training playbook leaked in 2023, which encouraged the targeting of commonly used VPNs with weak credentials.
Furthermore, the report also identified a total of 55 new ransomware groups in 2024, marking a significant 67 percent increase from the previous year. This rise in the number of smaller and more agile cybercriminal groups can be linked to factors such as the disruption of well-established Ransomware-as-a-Service (RaaS) platforms like LockBit by law enforcement agencies.
Moreover, there has been a noticeable increase in the targeting of IT services and consulting firms by ransomware groups. These entities serve as intermediaries for various industries, making them vulnerable targets that can amplify the impact of an attack through their connections to multiple clients.
Jason Rebholz, Vice President and Cyber Risk Officer at Travelers, emphasized the effectiveness of basic attack techniques employed by ransomware groups. He noted that these groups have been actively seeking out targets and achieving significant success in carrying out attacks. Rebholz stressed the importance of businesses implementing proven security controls, such as MFA, to make it more difficult for malicious actors to breach their organization’s defenses.
In conclusion, the findings of Travelers’ Q4 2024 Cyber Threat Report underscore the growing threat posed by ransomware groups and the need for businesses to enhance their cybersecurity measures to protect against such attacks. With the rise of more targeted and sophisticated methods employed by cybercriminals, organizations must remain vigilant and proactive in safeguarding their digital assets and sensitive information.